VulnerabilityBleeping Computer
9.0 — CRITICAL
Ivanti warns of new EPMM flaw exploited in zero-day attacks
Ivanti warned customers today to patch a high-severity remote code execution vulnerability in Endpoint Manager Mobile (EPMM) exploited in zero-day attacks. [...]
🤖 AI BriefingAuto-generated threat analysis
🔍Threat Overview
Ivanti EPMM is vulnerable to a zero-day remote code execution vulnerability (CVE-2026-6973) due to an Improper Input Validation weakness, allowing attackers with administrative privileges to execute arbitrary code on targeted systems.
⚙️Technical Details
Affected Systems
Endpoint Manager Mobile (EPMM)
Attack Vectors
admin authentication
💥Impact Assessment
Severity: critical
Who Is at Risk
customers using Ivanti EPMM 12.8.0.0 and earlier
🛡️Recommended Actions
1Install Ivanti EPMM 12.6.1.1, 12.7.0.1, and 12.8.0.1 to mitigate the vulnerability
2Review accounts with Admin rights and rotate those credentials where necessary
3Apply patches for other high-severity EPMM vulnerabilities (CVE-2026-5786, CVE-2026-5787, CVE-2026-7821)
📦Affected Products
Ivanti Endpoint Manager Mobile (EPMM)
Read the full article
This is a curated summary. The complete article is available at Bleeping Computer.